Subject: Re: [xri] Designating DNS discovery for non-HTTP URIs


On Thu, Jan 8, 2009 at 8:44 AM, Eran Hammer-Lahav <eran@hueniverse.com> wrote:
> This is one of the options (see my reply to Peter). But it has to be "Add
> DNS record to authorize" and not "Add DNS record to forbid". The real
> problem is that an eager HTTP admin will be able to hijack an organization's
> identity services or other sensitive discovery-based data without anyone
> having any control over it. In most companies, there is a clear separation
> between the postmaster and webmaster and we need to make sure not to
> introduce security issues.

Hrmm.  I thought I understood where you were going with this thread,
until I read that you considered the DNS and HTTP check security
relevant.  DNS as used and deployed today does not offer useful
security, so "Add DNS record to authorize" is not a particularly
meaningful security check.

Going back to square one... you mention "an eager HTTP admin will be
able to hijack an organization identity services... without anyone
having any control over it."  I think the focus on "eager HTTP admin"
is where the threat model is broken.  You should worry about "a
motivated attacker who controls the network and has hacked the web
server will be able to hijack an organization's identity services."

DNS doesn't help with that threat model.  Out-of-band key exchange
(like most SAML deployments) does.

Cheers,
Brian
